The changes have made to prevent to block the API initiating user. (!80224) · Merge requests · GitLab.org / GitLab

Ela Doğruyol requested to merge elaadogruyol/gitlab:prevent-api-initiating-user-blocking into master Feb 08, 2022

The problem is that users are able to block themselves via the API. This situation is prevented in UI. The code changes are made create a consistent backend-frontend.

Controlling the IDs to understand if the current user is also the user that wants to be blocked: (in lib/api/users.rb).
```
elsif current_user.id == user.id
       forbidden!('The API initiating user cannot be blocked by the API')
```
spec/requests/api/users_spec.rb file has been organised accordingly.

Edited Feb 18, 2022 by Ela Doğruyol

The changes have made to prevent to block the API initiating user.

Merge request reports